Metadata and the Evolution of Security

Last week, I gave a presentation on security for control systems in general and Smart Grid in particular, entitled “Air-gap to Always Connected”, at the ECC 2013 conference in Zurich. This was part of a set of presentationsfocused on security for control systems (see the ThC1 Tutorial Session) including discussions of the theory of secure control systems by Bruno Sinopoli, of game theory and control systems security by Cedric Langbort, and of security for power systems by Henrik Sandberg.


Security Analytics and the OECD Security Guidelines

In 2002, the OECD (Organization for Economic Cooperation and Development) published a revision of their 1992 Security Guidelines, reflecting significant changes in information technology and information security during that 10-year period. The 2002 OECD Guidelines for the Security of Information Systems and Networks played an important role in fostering a “culture of security”, including through their influence on the ISO 27001 standard.

The Fragmented Picture of Mobile Security

I was in Munich last week, speaking at the European Identity and Cloud Conference in a panel on standards for mobile security. It was a very good session, not least because of the colleagues who joined me on the panel. John Sabo spoke about the work he’s doing in privacy frameworks.  Tony Nadalin spoke about…

The Sea of Trust: Cloud, Big Data and Security at EMC World

In his #EMCworld keynote on Tuesday morning, Joe Tucci used the phrase “the sea of trust” to capture the pervasive role that security has to have in the success of the “third platform” of mobile, cloud and big data. It’s a great metaphor, reflecting not only the pervasiveness that security has to have, but also the dynamism and power that it needs to embrace.

Cybersecurity@EMCworld 2013: Transforming the Trusted Cloud

In my earlier blogs on Transforming Security Analytics and Transforming Trust, I wrote about the strong focus we have on cybersecurity at this year’s EMCworld, previewing several of the sessions that will highlight security topics. In addition to those presentations, we’ll also once again have a Birds-of-a-Feather session, focused on Building your Trusted Cloud. It’ll…

Cybersecurity@EMCworld 2013: Transforming Trust

The application of Big Data analytics to security has resulted in a transformation not only in detecting and responding to threats. It also transforms how we establish and evaluate trust, based on understanding risk rather than expecting absolute security. This transformation doesn’t just affect security professionals. Understanding trust is critical for many of the topics that are explored at EMCworld, including cloud, virtualization, storage and document management. Understanding trust can help in enabling new business opportunities, finding more effective operational processes and working more effectively with partners.

Security @ EMCworld 2013: The Transformation in Security Analytics

We’re well into the preparations for EMCworld 2013, to be held May 6-9 in Las Vegas. There’s been a significant RSA presence at EMCworld ever since RSA was acquired by EMC back in 2006 – including the presentation I gave on storage encryption and key management back at EMCworld 2007 in Orlando! This year we’ll have even more RSA presence than ever, exploring the “Lead your Transformation” theme from the perspective of security and trust.

PKCS #11: Alive and Well!

We had our first meeting of the OASIS PKCS 11 Technical Committee last week, a very interesting and exciting start to this new stage in the life of the PKCS #11 standard. It was a very impressive gathering of folks from many different companies and countries, a breadth of participation evident in the officers and…